SwiconJobs | IT és üzleti állások

Your dream job is just a click away

Senior IT Compliance Manager



Effective: 18.06.2018.
Last modified: 01.09.2021.


1. Data controller data

Name of the data controller: SWICON Trading and Service Company Limited by Shares

Registered office: 1031 Budapest, Záhony utca 7.

Phone: +36 (1) 883-9860

Email: adatvedelem@swicon.com

Website: https://swicon.com

Company registration number: 01-10-046053

Name of the Data Protection Officer: Madarassy Law Office -
Email address: office@madarassy-legal.com

The Data Protection Officer: László Tündik

2. Purpose of the notice

The purpose of this privacy notice is to provide data subjects (in this case, jobseekers) with information about the processing of their personal data in a clear and comprehensible way.

Our company deals with recruitment, placement, personal counselling and related database management. Personal data is processed in the context of these activities, specifically to help our clients find and post jobs.

Our role is to assess the employability of candidates for the vacancies and positions advertised by employers, in order to meet the expectations of our employer partners who have a contractual relationship with us.

We create a database of the personal data of job applicants, and we process their data in our database - based on the consent of the data subjects - in order to employ them in the future and to contact them with new job offers.

The collection, storage, transfer of personal and sensitive data to third parties and any other processing activities will be carried out in such a way that no unauthorised person/persons have access to it.

In conducting our data processing activities, we pay particular attention to the spirit and the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the GDPR on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).

3. General purpose of data processing

The Data Controller is engaged in recruitment, placement, personal counseling, and related database management. The processing of personal data of applicants is carried out in the context of these activities for the purpose of facilitating job search, including the necessary selection procedures, tests, and processing of job offers.

In order to employ applicants in the future and to contact them with new job offers, the Data Controller manages the personal data provided in its database.

4. Data processed

4.1 Newsletter subscription

Concerned parties: interested parties who subscribe to receive information or marketing content

Purpose of processing: sending information or marketing content

Activity Data type Legal basis Target Guarding time
Subscribe to newsletter User name, email address, platform used Consent Send newsletter until consent is withdrawn

The data management process:

Interested parties can subscribe to our newsletter via Messenger (and later on the website). Subscription is based on consent.

If someone subscribes to the newsletter, we will send the newsletter to the e-mail address they have provided until they withdraw their consent.

Anyone can unsubscribe at any time by using the unsubscribe link provided when they subscribe.

4.2 Processing of cookies on the Website

Concerned parties: website users

Purpose of data processing: user-friendly services on the website

Activity Data type Legal basis Target Guarding time
How cookies work information about the devices and settings used by the user Consent Ensuring a user-friendly website experience See text

The data management process:

The controller uses cookies in the operation of its website, which also collect personal data about visitors. The legal basis for the processing of the personal data obtained from them is the consent of the visitor.

Cookies: what cookies do:

  • collect information about visitors and their devices;
  • remember visitors' individual preferences, which are (or may be) used;
  • make the website easier to use;
  • provide a quality user experience.

In order to provide a personalised service, a small piece of data, a cookie, is placed on the user's computer and read back during a subsequent visit. If the browser returns a previously saved cookie, the cookie management service provider has the possibility to link the user's current visit to previous visits, but only for its own content.

Session cookies are strictly necessary:

The purpose of these cookies is to allow visitors to browse the website, use its features and services fully and smoothly. This type of cookie is valid until the end of the session (browsing) and is automatically deleted from the computer or other browsing device when the browser is closed.

The data subject's choice in relation to the cookie: web browser cookies: in the browser settings, the data subject can accept or reject new cookies and delete existing cookies. You can also set your browser to notify you each time a new cookie is placed on your computer or other device. You can find more information about how to manage cookies in the "help" function of your browser. If a visitor chooses to disable some or all of the cookies, he or she will not be able to use all of the website's features.

Third-party cookies (analytics): the website of the controller also uses, for example, Google Analytics as a third-party cookie. Google Analytics is a web analytics service used by the controller to collect information about how visitors use the website. The data is used to improve the website and the user experience. These cookies will also remain on the visitor's computer or other browsing device, their browser, until they expire or until they are deleted by the visitor. The IP address transmitted by the visitor's browser in the context of Google Analytics will not be merged with other Google data. You may refuse the storage of cookies by selecting the appropriate settings on your browser software, however, if you do this you may not be able to use the full functionality of this website. In addition, the visitor can prevent the collection of data (including his IP address) generated by cookies and relating to the visitor's use of the website by Google and the processing of this data by Google by downloading and installing the browser plug-in under the link below. The current link is http://www.google.com/policies/privacy/ads/.

Children's data, processing of special categories of personal data: the data subject declares that he or she is at least 16 years of age in relation to the use of the customer contact form on the website of the controller and the acceptance of cookies on the websites. A person under the age of 16 may not contact the controller through the customer contact form on the controller's website, nor may he/she make a statement regarding the acceptance or rejection of cookies, given that, pursuant to Article 8(1) of the GDPR, the validity of his/her consent to the processing of personal data requires the consent of his/her legal representative. The controller is not in a position to verify the age and entitlement of the person giving consent, so the data subject warrants that the data he or she has provided are accurate. The controller shall not record any specific data that the controller has obtained or has obtained. If such data have been entered into any of the controller's systems without the controller's knowledge, the controller shall delete them from the system as soon as they are detected.

4.3 Selection of workforce, recruitment

Concerned parties: people who apply directly for a position at Swicon Group, as well as people who are contacted by Swicon staff for a specific position on the basis of their data uploaded on LinkedIn, Profession.hu or other openly accessible databases.

Purpose of data processing: to select a workforce that meets the requirements and to keep a register of competent persons for future recruitment.

Activity Data type Legal basis Target Guarding time
Find a job Data provided in your CV (name, date and place of birth, address, education, schools, previous jobs, telephone number, e-mail address, marital status, children, other data provided, photo) Consent Selecting the right workforce for the job Until withdrawal of consent/ 3 years
Interview with Name, personal details given at interview Consent Conduct interviews to select the right staff for the job Until withdrawal of consent/ 3 years
Offer Name COnsent Request for proposal Until withdrawal of consent/ 3 years
bid amount

The data management process:

When selecting and recruiting staff, we are looking for workers either for ourselves or for our clients. Positions advertised by our clients may be either filled by the client or outsourced by Swicon.

We are recruiting for specific advertised positions. By applying for the advertisement, the applicant becomes aware of the contents of this privacy notice. By submitting your CV and personal data, you consent to the processing of your data. If you do not agree to the processing of your data, please do not send us any data.

On the basis of the information provided by the applicants and the CVs in our database, we will select the most suitable candidates, interview them in person or by telephone, inform the recruitment partner and, if pre-selected, forward their details to the recruitment partner. There will be an opportunity to withdraw consent at the interview.

If we find a suitable person for the position based on data from other sources (e.g. LinkedIn, Profession.hu), we will contact them by phone or email, inform them about the data management information and only include them in our database based on their consent.

If our client partner is looking for self-employed staff, the further selection process will be carried out by the partner who advertises the position. If Swicon will employ the selected staff member, the selection process will be carried out jointly with the client partner.

Applicants' personal data will be processed for a maximum of 3 years from the date of consent, but consent may be renewed during the course of contacts.

If the candidate is selected and hired by Swicon, his/her data will be further processed as employee data, which is subject to a separate privacy notice.

4.4 Database construction

Concerned parties: people who apply directly for a position at Swicon Group, as well as people who are contacted by Swicon staff on the basis of their information uploaded on LinkedIn, Profession.hu or other openly accessible databases.

Purpose of data processing: to find suitable staff for future vacancies.

Activity Data type Legal basis Target Guarding time
Building a database for recruitment Data provided in your CV (name, date, and place of birth, address, education, schools, previous jobs, telephone number, e-mail address, marital status, children, other data provided, photo) Consent Registering competent persons for future recruitment Until withdrawal of consent/ 3 years

The data management process:

If the data subject has given his or her consent, his or her CV will be recorded in a database in order to be taken into account in future job vacancies. The data will be kept in our system until consent is withdrawn or for a maximum of 3 years. Consent may be renewed. The data will only be transmitted to the partner posting the vacancy when selected for a specific position (see point 4.1)

5. Data security

We have put in place technical and organisational measures and procedures to ensure the security of the personal data we process.

Appropriate measures are taken to protect the data against unauthorised access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction or damage, and loss of access due to changes in the technology used.

Personal data is only accessed by our employees who need to know it in order to perform their duties.

For data security

  • assess and take into account potential risks in the design and operation of the IT system, with a view to continuously reducing them
  • monitor emerging threats and vulnerabilities (e.g. computer viruses, computer intrusions, denial of service attacks, etc.) to take timely action to avoid and prevent them
  • protecting IT assets and paper-based information against unauthorised physical access and environmental impacts (e.g. water, fire, electrical surges)
  • monitor our IT systems to detect potential problems and incidents
  • we take great care to train staff in information security and raise awareness
  • reliability is a key criterion in the selection of service providers

6. Transmission, transfer of data

The Data Controller's activities are specifically aimed at transferring or transmitting the personal data of applicants (and the CVs and related documents containing them) to other data controllers (primarily potential employers).

In the case of data transfers abroad, the level of data protection legislation in the third country to whose territory the Controller transfers the personal data may be lower than the level of EU legislation. Such transfers to third countries will be made by the Controller only after prior information of the data subject and only if the controller/processor in that country guarantees that enforceable rights and remedies are available to protect the data.

The data is accessible to all employees of the Swicon Group whose work requires access to the data (basically, employees involved in recruitment, placement and operation of the system).

The members of the SwiconGroup group of companies primarily provide IT operational and administrative support services to Swicon Zrt., in the course of which they can gain access to the data processed and are therefore considered data processors:

YMMO-ONE Ltd., 2724 Újlengyel, Ady Endre utca 41., Company registration number: 13 09 174437

ITIL-PRO Ltd., 1031 Budapest, Záhony utca 7., Tel: +36 (1) 883-9866., Company registration number: 01 09 739887

For data protection issues, both of the above organisations can be contacted via Swicon Zrt.'s data protection contact details: adatvedelem@swicon.com , Tel: +36 (1) 883-9860.

In principle, the data may be accessed by service providers involved in the operation of our systems concerned and in the provision of telecommunication lines.

The database described in section 4.4. is operated using the HRSoftware CRM software, operated by HRSzoftver Kft. Address: 2045, Törökbálint, Kossuth L. u. 40. Email: hello@hrszoftver.hu Company registration number: 13-09-190859 Tel:+ 36 30 900 0367

In order to implement the contract in electronic form, Swicon Zrt uses an external service provider, which, as the operator of the service, has access to the data stored there. Details of the service provider.
Registered office: 2643 Diósjenő, Dózsa György út 28./b Postal address: 2600 Vác, Deákvári fasor 35. Fsz4.

Firstbird referral system operator and DPO details:

firstbird GmbH Hietzinger Hauptstrasse 34 1130 Vienna, Austria

DPO firstbird GmbH Hietzinger Hauptstrasse 34 1130 Vienna, Austria

7. More information

Personal data are the conclusions that can be drawn about the applicant, in particular that he/she is looking for a job and the type of job he/she is seeking. The Data Controller will not pass on this information to other recruitment agencies.

There are certain details that you must provide in order to be able to use the service. Due to the nature of the services provided by the Data Controller, the voluntary nature of consent is not affected by the fact that the provision of certain data is a condition for the provision of the service.

The Data Controller is not responsible for any special data (e.g. in a CV) that you have provided without your explicit request. In the event that a candidate discloses to the Data Controller information that constitutes sensitive data for any reason, he/she shall be required to give a separate written consent to the processing of the sensitive data. If the candidate brings such data to the attention of the Data Controller and does not give an explicit written consent, the Data Controller shall delete the special data provided without delay.

8. Rights of data subjects

Everyone concerned has the right to:

  • To be informed of the processing concerning him/her before it starts (by means of this privacy notice).
  • Have access to all information concerning the processing of personal data concerning them
  • Request the correction of incorrect, inaccurate or incomplete data
  • Request the erasure (forgetting) of your personal data
  • Request restriction of processing
  • Object to the use of your data in certain cases, for example for marketing purposes
  • Right of redress against data processing

These rights can be exercised by the data subject in writing using the contact details provided in point 1 or in person by prior arrangement. We will endeavour to respond to all requests as soon as possible, but not later than 15 working days.

In the event of a breach of their rights, data subjects can turn to the National Authority for Data Protection and Freedom of Information

Address: 1055 Budapest, Falk Miksa utca 9-11.

Address for correspondence: 1374 Budapest, Pf. 603.

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

www: http://www.naih.hu

e-mail: ugyfelszolgalat@naih.hu